2 # Blackbox tests for kerberos client options
3 # Copyright (c) 2019 Andreas Schneider <asn@samba.org>
7 Usage: test_client_kerberos.sh DOMAIN REALM USERNAME PASSWORD SERVER PREFIX CONFIGURATION
23 . $
(dirname $0)/subunit.sh
24 . $
(dirname $0)/common_test_fns.inc
26 samba_bindir
="$BINDIR"
27 samba_rpcclient
="$samba_bindir/rpcclient"
28 samba_smbclient
="$samba_bindir/smbclient"
29 samba_smbtorture
="$samba_bindir/smbtorture"
31 samba_kinit
=$
(system_or_builddir_binary kinit
"${BINDIR}" samba4kinit
)
32 samba_kdestroy
=$
(system_or_builddir_binary kdestroy
"${BINDIR}" samba4kdestroy
)
34 test_rpc_getusername
()
39 if [ $ret -ne 0 ]; then
40 echo "Failed to connect! Error: $ret"
45 echo "$out" |
grep -q "Account Name: $USERNAME, Authority Name: $DOMAIN"
47 if [ $ret -ne 0 ]; then
48 echo "Incorrect account/authority name! Error: $ret"
61 if [ $ret -ne 0 ]; then
62 echo "Failed to connect! Error: $ret"
69 test_smbclient_kerberos
()
74 if [ $ret -ne 0 ]; then
75 echo "Failed to connect! Error: $ret"
80 echo "$out" |
grep "Doing init for" >/dev
/null
2>&1
82 if [ $ret -eq 0 ]; then
83 echo "Kinit failed for smbclient"
91 KRB5CCNAME_PATH
="$PREFIX/ccache_client_kerberos"
92 KRB5CCNAME
="FILE:$KRB5CCNAME_PATH"
95 ### RPCCLIENT (legacy)
96 cmd
='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} -c getusername 2>&1'
97 testit
"test rpcclient legacy ntlm" \
98 test_rpc_getusername ||
99 failed
=$
(expr $failed + 1)
101 cmd
='echo ${PASSWORD} | USER=${USERNAME} $samba_rpcclient ncacn_np:${SERVER} --configfile=${CONFIGURATION} -c getusername 2>&1'
102 testit
"test rpcclient legacy ntlm interactive" \
103 test_rpc_getusername ||
104 failed
=$
(expr $failed + 1)
106 cmd
='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --configfile=${CONFIGURATION} -c getusername 2>&1'
107 testit
"test rpcclient legacy ntlm interactive with -U" \
108 test_rpc_getusername ||
109 failed
=$
(expr $failed + 1)
111 cmd
='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
112 testit
"test rpcclient legacy kerberos" \
113 test_rpc_getusername ||
114 failed
=$
(expr $failed + 1)
116 cmd
='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
117 testit_expect_failure
"test rpcclient legacy kerberos interactive (negative test)" \
118 test_rpc_getusername ||
119 failed
=$
(expr $failed + 1)
121 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
122 cmd
='$samba_rpcclient ncacn_np:${SERVER} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
123 testit
"test rpcclient legacy kerberos ccache" \
124 test_rpc_getusername ||
125 failed
=$
(expr $failed + 1)
129 cmd
='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
130 testit
"test rpcclient ntlm" \
131 test_rpc_getusername ||
132 failed
=$
(expr $failed + 1)
134 cmd
='echo ${PASSWORD} | USER=${USERNAME} $samba_rpcclient ncacn_np:${SERVER} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
135 testit
"test rpcclient ntlm interactive" \
136 test_rpc_getusername ||
137 failed
=$
(expr $failed + 1)
139 cmd
='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
140 testit
"test rpcclient ntlm interactive with -U" \
141 test_rpc_getusername ||
142 failed
=$
(expr $failed + 1)
144 cmd
='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} -c getusername 2>&1'
145 testit
"test rpcclient kerberos" \
146 test_rpc_getusername ||
147 failed
=$
(expr $failed + 1)
149 cmd
='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c getusername 2>&1'
150 testit_expect_failure
"test rpcclient kerberos interactive (negative test)" \
151 test_rpc_getusername ||
152 failed
=$
(expr $failed + 1)
154 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
155 cmd
='$samba_rpcclient ncacn_np:${SERVER} --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c getusername 2>&1'
156 testit
"test rpcclient kerberos ccache" \
157 test_rpc_getusername ||
158 failed
=$
(expr $failed + 1)
161 ### SMBTORTURE (legacy)
163 cmd
='$samba_smbtorture -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
164 testit
"test smbtorture legacy default" \
165 test_rpc_getusername ||
166 failed
=$
(expr $failed + 1)
168 cmd
='$samba_smbtorture -U${USERNAME}%${PASSWORD} -k no --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
169 testit
"test smbtorture legacy ntlm (kerberos=no)" \
170 test_rpc_getusername ||
171 failed
=$
(expr $failed + 1)
173 cmd
='$samba_smbtorture -U${USERNAME}%${PASSWORD} -k yes --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
174 testit
"test smbtorture legacy kerberos=yes" \
175 test_rpc_getusername ||
176 failed
=$
(expr $failed + 1)
178 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
179 cmd
='$samba_smbtorture -k yes --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
180 testit
"test smbtorture legacy kerberos=yes ccache" \
181 test_rpc_getusername ||
182 failed
=$
(expr $failed + 1)
185 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
186 cmd
='$samba_smbtorture -k no --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
187 testit_expect_failure
"test smbtorture legacy kerberos=no ccache (negative test)" \
188 test_rpc_getusername ||
189 failed
=$
(expr $failed + 1)
194 cmd
='$samba_smbtorture -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
195 testit
"test smbtorture default" \
196 test_rpc_getusername ||
197 failed
=$
(expr $failed + 1)
199 cmd
='$samba_smbtorture -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
200 testit
"test smbtorture ntlm (kerberos=no)" \
201 test_rpc_getusername ||
202 failed
=$
(expr $failed + 1)
204 cmd
='$samba_smbtorture -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
205 testit
"test smbtorture kerberos=yes" \
206 test_rpc_getusername ||
207 failed
=$
(expr $failed + 1)
209 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
210 cmd
='$samba_smbtorture --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
211 testit
"test smbtorture kerberos=yes ccache" \
212 test_rpc_getusername ||
213 failed
=$
(expr $failed + 1)
216 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
217 cmd
='$samba_smbtorture --use-kerbers=required --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
218 testit_expect_failure
"test smbtorture kerberos=no ccache (negative test)" \
219 test_rpc_getusername ||
220 failed
=$
(expr $failed + 1)
223 ### SMBCLIENT (legacy)
224 cmd
='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} -c "ls; quit"'
225 testit
"test smbclient legacy ntlm" \
227 failed
=$
(expr $failed + 1)
229 cmd
='echo ${PASSWORD} | USER=$USERNAME $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} --configfile=${CONFIGURATION} -c "ls; quit"'
230 testit
"test smbclient legacy ntlm interactive" \
232 failed
=$
(expr $failed + 1)
234 cmd
='echo ${PASSWORD} | $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME} --configfile=${CONFIGURATION} -c "ls; quit"'
235 testit
"test smbclient legacy ntlm interactive with -U" \
237 failed
=$
(expr $failed + 1)
239 cmd
='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} -k --configfile=${CONFIGURATION} -c "ls; quit"'
240 testit
"test smbclient legacy kerberos" \
242 failed
=$
(expr $failed + 1)
244 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
245 cmd
='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -k --configfile=${CONFIGURATION} -c "ls; quit"'
246 testit
"test smbclient legacy kerberos ccache" \
248 failed
=$
(expr $failed + 1)
251 ### SMBCLIENT tests for --use-kerberos=desired|required|disabled
252 cmd
='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
253 testit
"test smbclient ntlm" \
255 failed
=$
(expr $failed + 1)
257 cmd
='echo ${PASSWORD} | USER=$USERNAME $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
258 testit
"test smbclient ntlm interactive" \
260 failed
=$
(expr $failed + 1)
262 cmd
='echo ${PASSWORD} | $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
263 testit
"test smbclient ntlm interactive with -U" \
265 failed
=$
(expr $failed + 1)
267 cmd
='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=desired --configfile=${CONFIGURATION} -c "ls; quit"'
268 testit
"test smbclient kerberos=desired" \
269 test_smbclient_kerberos ||
270 failed
=$
(expr $failed + 1)
272 cmd
='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} -c "ls; quit"'
273 testit
"test smbclient kerberos=required" \
274 test_smbclient_kerberos ||
275 failed
=$
(expr $failed + 1)
277 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
278 cmd
='$samba_smbclient //${SERVER}/tmp --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c "ls; quit"'
279 testit
"test smbclient kerberos=required ccache" \
281 failed
=$
(expr $failed + 1)
284 rm -rf $KRB5CCNAME_PATH